Botnet-Makers Try Breaching Mandrill’s Servers
Web Services
Attackers attempted to rope the email management company’s machines into a "botnet" network of hijacked computers that they presumably could exploit for nefarious purposes. The Mandrill systems contained customer information but there is no evidence the data was compromised.
The incident occurred after the firm made a change to a firewall on Feb. 20 to allow more granular access to some of the company's servers, according to CSO.
"As a result, a cluster of servers hosting Mandrill's internal application logs was made publicly accessible instead of allowing internal-only access," Brandon Fouts, the company’s general manager wrote in a March 18 blog post.
Mandrill discovered the vulnerability after the hackers unsuccessfully tried logging into those internal logging servers, CSO reports.
"There's not evidence that any customer data was queried or exported, but unfortunately we can't completely rule out the possibility of access," Fouts said.
Data that may have been exposed includes internal logs about emails sent, including sender and recipient addresses but not custom metadata or the content of messages, he said.